Which VPN protocol is the best?

Posted on May 27th, 2019 by in Privacy & Security.

Tags: ProtonVPN, VPN Protocol, OpenVPN, WireGuard, IKEv2, PPTP, L2TP

We explain what a VPN protocol is and what it does. We also compare the strengths and weaknesses of the most common protocols, including OpenVPN, WireGuard, IKEv2, PPTP, and L2TP.

Before you trust a VPN to protect your internet activity, you need to ensure they’ve put in place the necessary safeguards. Evaluating the more technical aspects of a VPN can be difficult. It often means struggling to understand an alphabet soup of different acronyms.

We have begun a series of posts where we explain some of our security measures so that people can make more informed decisions. Our first post explained what HMAC SHA-384 means. This post will investigate VPN protocols, what they do, how they work, and what it means if a VPN service uses OpenVPN over L2TP, for example.

This post delves into some of the inner workings of VPNs. While we try to explain terms clearly, this post will be more useful if you come in with some basic technical knowledge. If you’re not sure how a VPN works, it might be helpful to read the article linked below before continuing.

Learn how a VPN works

VPN Protocols

VPNs rely on what is called “tunneling” to create a private network between two computers over the internet. A VPN protocol, also known as a “tunneling protocol,” is the set of rules your device and the VPN server follow to negotiate the encrypted connection that forms the network between them, and to move your traffic through it once it is up.

A VPN protocol is usually made up of two channels: a data channel and a control channel. The control channel is responsible for the key exchange, authentication, and parameter exchanges (like providing an IP or routes and DNS servers). The data channel, as you might have guessed, is responsible for transporting your internet traffic data. Together, these two channels establish and maintain a secure VPN tunnel. However, for your data to pass through this secure tunnel, it must be encapsulated.

Encapsulation is when a VPN protocol takes the data packets that make up your internet traffic and places each one, whole, inside another packet. The outer packet is addressed to the VPN server, so the networks in between only ever see traffic between you and the server; the inner packet, with its real destination and contents, is encrypted inside. The extra layer is also what lets the VPN carry traffic (or a protocol, such as PPP) that the ordinary internet could not route on its own.

This is all a bit technical, so here is the broad overview: When you connect to a VPN server, the VPN uses its control channel to authenticate the server, establish shared keys, and agree on settings between your device and the server. Once this is done, the data channel begins carrying your internet traffic. When a VPN discusses the strengths and weaknesses of its performance or talks about a “secure VPN tunnel,” it is talking about its data channel. Once the tunnel has been established, the control channel is tasked with maintaining the connection, for example by re-keying periodically and handling address changes.

PPTP

Point-to-Point Tunneling Protocol (PPTP) is one of the older VPN protocols. It was initially developed with support from Microsoft, and thus all versions of Windows and many other operating systems have had native support for PPTP (Apple removed it from macOS 10.12 Sierra and iOS 10).

PPTP uses the Point-to-Point Protocol (PPP), which is like a proto-VPN in itself. Despite being quite old, PPP can authenticate a user (usually with MS-CHAP v2) and encapsulate data itself, letting it handle both control channel and data channel duties. However, PPP is not routable; it cannot be sent over the internet on its own. So PPTP encapsulates the PPP-encapsulated data again using generic routing encapsulation (GRE) to establish its data channel.

Unfortunately, PPTP does not have any of its own encryption or authentication features. It relies on PPP to implement these functions — which is problematic since PPP’s authentication system and the encryption that Microsoft added to it, MPPE, are both weak.

Encryption: Microsoft’s Point-to-Point Encryption protocol (MPPE), which uses the RC4 stream cipher with 40-, 56- or 128-bit keys. 128 bits is MPPE’s maximum strength, and RC4 itself is now considered broken.

Speed: Because its encryption protocols do not require much computing power (RC4 and only 128-bit keys), PPTP maintains fast connection speeds.

Known vulnerabilities: PPTP has had known security vulnerabilities since 1998, when its authentication and encryption were first cryptanalysed. The most severe is that the MS-CHAP v2 handshake is sent in the clear and its security reduces to a single 56-bit DES key: an attacker who captures the handshake can recover the user’s NT password hash by brute force (demonstrated as a public cracking service in 2012, which completed the search in under a day), and because MPPE derives its session keys from that same hash, the attacker can then decrypt the whole session and impersonate the user on later connections.

Firewall ports: TCP port 1723 for the control channel, and GRE (IP protocol 47) for the data channel. GRE has no port numbers, so a network address translation (NAT) device cannot tell two PPTP clients behind it apart unless it has a specific PPTP helper, and a firewall can kill PPTP simply by dropping protocol 47; it is one of the easiest VPN protocols to block. (A NAT device lets several devices share one public IP address at the same time, which is the normal setup for a home or office network.)

Stability: PPTP is not as reliable, nor does it recover as quickly as OpenVPN over unstable network connections.

Conclusion: If you are concerned about securing your data, there is no reason to use PPTP. Even Microsoft has advised its users to upgrade to other VPN protocols to protect their data.

L2TP/IPSec

Layer two tunneling protocol (L2TP, RFC 2661) was designed to replace PPTP, merging it with Cisco’s L2F. L2TP carries PPP frames over UDP, so PPP still handles user authentication (usually MS-CHAP v2) and IP configuration while L2TP provides the data channel. Like PPTP, L2TP adds no encryption of its own, and PPP’s own encryption is weak, so L2TP is almost always paired with the Internet Protocol security (IPSec) suite, which encrypts and authenticates the L2TP packets before they leave your device.

IPSec is a flexible framework that can be applied to VPNs as well as routing and application-level security. When you connect to a VPN server with L2TP/IPSec, IPSec negotiates the shared keys and authenticates the connection of a secure control channel between your device and the server.

IPSec offers two protections: the Authentication Header (AH), which only authenticates packets, and the Encapsulating Security Payload (ESP), which encrypts them and, in any sensible configuration, authenticates them as well. L2TP/IPSec uses ESP. ESP attaches a message authentication code to every packet (an HMAC such as HMAC-SHA256, or the tag of an AEAD cipher such as AES-GCM). This is a symmetric-key integrity check rather than a digital signature, but it means an attacker cannot alter or forge a packet without the VPN server noticing; ESP also carries a sequence number so that replayed packets are rejected.

The order of encapsulation is the reverse of what you might expect: your IP packet is first wrapped in a PPP frame, then in an L2TP header, then in UDP (port 1701). Only then does IPSec, in transport mode, encrypt and authenticate that UDP packet with ESP and hand it to the outer IP layer. When there is a NAT between you and the server, the ESP packet is wrapped once more in UDP port 4500 (NAT traversal). Three or four headers around every packet is part of why L2TP/IPSec is slower than the alternatives.

Several VPN protocols, including IKEv2, use IPSec encryption. While generally secure, IPSec is very complex, which can lead to poor implementation. L2TP/IPSec is supported on most major operating systems.

Encryption: L2TP/IPSec can use either 3DES or AES encryption, although given that 3DES is now considered a weak cipher, it is rarely used.

Speed: L2TP/IPSec is generally slower than OpenVPN or IKEv2/IPSec at the same key size. The AES encryption itself is not the bottleneck, since IPSec in the kernel can use the same hardware AES instructions as OpenVPN; the cost comes from the double encapsulation, with PPP, L2TP, UDP and ESP headers on every packet, plus a further UDP header for NAT traversal. That overhead reduces the usable MTU and means more packets, and more fragmentation, for the same payload.

Known vulnerabilities: L2TP/IPSec is an advanced VPN protocol, but a leaked NSA presentation from the Snowden documents suggests that the agency had some success decrypting IPSec VPN traffic. The most plausible explanation, put forward in the 2015 “Imperfect Forward Secrecy” (Logjam) paper, is precomputation against the 1024-bit Diffie–Hellman groups that were then the default; a weak Diffie–Hellman group breaks the key exchange no matter how strong the AES cipher is. A more everyday problem is that, because IPSec is complex to configure, many VPN providers set up L2TP/IPSec with a single pre-shared key (PSK) shared by all customers and published on their website. A published PSK provides no server authentication: anyone who knows it can stand up a fake server on the same network and terminate your tunnel.

Firewall ports: UDP port 500 is used for the initial key exchange (IKE), UDP port 4500 for NAT traversal, and UDP port 1701 for the L2TP traffic inside the IPSec tunnel (ESP itself is IP protocol 50, not a port, when no NAT is in the way). Because it uses these fixed ports and protocol numbers, L2TP/IPSec is easy to block.

Stability: L2TP/IPSec is not as stable as the newer protocols. Its layered design means more things can go wrong: an IPSec re-key, an expired NAT mapping, or a PPP-level timeout can each drop the tunnel, and the layers do not always recover gracefully together.

Conclusion: L2TP/IPSec’s security is undoubtedly an improvement over PPTP, but it might not protect your data from advanced attackers. Its slower speeds and instability also mean that users should only consider using L2TP/IPSec if there are no other options.

IKEv2/IPSec

Internet key exchange version two (IKEv2, RFC 4306, later RFC 7296) is the key-management protocol of the IPSec suite itself, so “IKEv2” as a VPN protocol really means IKEv2 for the control channel and IPSec ESP for the data channel. Microsoft and Cisco cooperated on the design, and there are now mature open-source implementations such as strongSwan and Libreswan.

IKEv2 sets up its control channel in two round trips. In the first (IKE_SA_INIT), the two sides agree on algorithms and perform a Diffie–Hellman key exchange; this gives them shared keys but no assurance yet about who they are talking to. In the second (IKE_AUTH), which is already encrypted with those keys, each side proves its identity: typically the server with a certificate, and the client with a certificate, EAP (for example EAP-MSCHAPv2 with a username and password), or a pre-shared key. The result is what IKEv2 calls a security association (SA), which simply means your device and the VPN server are now using the same keys and algorithms to communicate.

The same IKE_AUTH exchange also creates the first Child SA for the data channel. From then on IPSec, in tunnel mode, wraps each of your IP packets in ESP, which encrypts it and adds an authentication tag (an HMAC or, with AES-GCM, the AEAD tag) and a sequence number. If no NAT was detected during IKE_SA_INIT, the ESP packet is sent directly as IP protocol 50; if a NAT was detected, it is wrapped in UDP port 4500 so that it can pass through.

IKEv2/IPSec is supported on Windows 7 and later versions, macOS 10.11 and later versions, as well as most mobile operating systems.

Encryption: IKEv2/IPSec negotiates from a range of ciphers, including AES (CBC or GCM), Camellia and ChaCha20-Poly1305, with keys up to 256 bits. Older transforms such as 3DES and Blowfish still exist in the registry and should be disabled on both ends.

Speed: IKEv2/IPSec is a fast VPN protocol: its data channel is handled inside the operating system kernel, so it is generally quicker than OpenVPN, though usually not as fast as WireGuard.

Known vulnerabilities: There are no known attacks on the IKEv2 protocol itself, and most IT security experts consider it safe when properly implemented. The weaknesses that have turned up are in implementations and configurations: Diffie–Hellman groups of 1024 bits or less (see Logjam), pre-shared keys shared between customers, and clients that accept EAP authentication without first validating the server’s certificate. Perfect Forward Secrecy comes built in, since each IKE SA has its own Diffie–Hellman exchange, and re-keying Child SAs with a fresh exchange extends it to long sessions.

Firewall ports: UDP port 500 is used for the initial key exchange, UDP port 4500 for NAT traversal, and IP protocol 50 (ESP) for the data channel when no NAT is involved. Because it always uses these, IKEv2/IPSec is easier to block than OpenVPN.

Stability: IKEv2 supports the Mobility and Multihoming protocol (MOBIKE, RFC 4555), which lets a client change its IP address without tearing down the security association. That makes it more reliable than most other VPN protocols, especially for users who often switch between WiFi networks and mobile data.

Conclusion: With strong security, high speeds, and increased stability, IKEv2/IPSec is a good VPN protocol. However, the recent introduction of WireGuard means there are few reasons to choose it over the newer VPN protocol.

OpenVPN

OpenVPN is an open-source tunneling protocol. Unlike the protocols built on the IPSec suite, OpenVPN uses SSL/TLS for its key exchange and control channel, and its own packet format for encapsulation and the data channel. Both channels run over a single UDP or TCP port.

The control channel is protected by TLS, and the data channel by keys derived from that TLS session. OpenVPN can additionally wrap the control channel with a pre-shared HMAC key (tls-auth) or encrypt it outright (tls-crypt), which lets the server discard packets that do not carry a valid tag before any TLS processing happens, a useful defence against port scanning and denial-of-service attacks. It is supported on all major operating systems via third-party software.

Encryption: OpenVPN can use the ciphers in the OpenSSL library, including AES (AES-256-GCM is the usual choice) and ChaCha20-Poly1305. Its historical default, Blowfish in CBC mode (BF-CBC), is a 64-bit block cipher and is vulnerable to the SWEET32 birthday attack once tens of gigabytes have crossed the tunnel; it should not be used.

Learn more about AES encryption

Speed: When using UDP, OpenVPN maintains fast connections, although IKEv2/IPSec and WireGuard are generally accepted to be quicker.

Known vulnerabilities: There are no known attacks on the OpenVPN protocol when it is configured with a modern AEAD cipher, a TLS 1.2 or later control channel, and Perfect Forward Secrecy (ECDHE key exchange). Like any large codebase, it has had implementation bugs that were found and fixed, so keeping client and server updated matters. It is the industry standard for VPNs concerned about data security.

Firewall ports: OpenVPN can be configured to run on any UDP or TCP port, including TCP port 443, the port used by HTTPS. Blocking that port would break ordinary web browsing, which makes OpenVPN very hard to block by port alone. Sharing a port is not the same as looking identical, though: OpenVPN’s packets do not begin like a TLS ClientHello, so deep packet inspection can still tell the two apart, which is why some providers add an extra obfuscation layer.

Stability: OpenVPN is very stable in general and has a TCP mode for defeating censorship.

Conclusion: OpenVPN is secure, reliable, and open source. It is one of the best VPN protocols currently in use, especially for users concerned primarily about data security. Its ability to route connections over TCP (see below) also makes it a good choice for evading censorship. However, although it lacks OpenVPN’s anti-censorship advantage, WireGuard is also secure and is faster than OpenVPN.
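As an added example (not Proton’s configuration and not code from the OpenVPN project), here is a client configuration with the legacy settings the paragraphs above warn against, beside a hardened one. The hostname, ports and file names are placeholders; the directives are OpenVPN 2.5 syntax.

```conf
# ---------- Weak legacy client configuration: what NOT to ship ----------
client
dev tun
proto udp
remote vpn.example.com 1194
ca ca.crt
cert client.crt
key client.key
cipher BF-CBC        # 64-bit block cipher: SWEET32 birthday attack after ~32 GB of traffic
auth SHA1            # HMAC-SHA1 for the data channel
comp-lzo             # compression + encryption: VORACLE-style plaintext recovery
reneg-sec 0          # never renegotiate: one data-channel key for the whole session
# no tls-auth / tls-crypt: the server answers TLS handshakes from anyone on the internet
# no remote-cert-tls:   any certificate issued by the CA (another client's, say) is
#                       accepted as "the server", enabling a man-in-the-middle

# ---------- Hardened client configuration ----------
client
dev tun
proto udp
remote vpn.example.com 1194
remote vpn.example.com 443 tcp      # fallback for networks that block UDP
ca ca.crt
cert client.crt
key client.key
remote-cert-tls server              # peer must present a certificate marked for server use
verify-x509-name vpn.example.com name
tls-version-min 1.2
tls-crypt ta.key                    # encrypt + authenticate the control channel with a
                                    # pre-shared key; unauthenticated packets are dropped
                                    # before TLS ever sees them
data-ciphers AES-256-GCM:CHACHA20-POLY1305   # negotiated AEAD data-channel ciphers (2.5+)
cipher AES-256-GCM                  # for 2.4 peers that do not negotiate
auth SHA256                         # HMAC for tls-crypt and any non-AEAD fallback
tls-ciphersuites TLS_AES_256_GCM_SHA384                          # TLS 1.3 control channel
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384:TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
                                    # TLS 1.2 fallback: ECDHE only, so every session has PFS
reneg-sec 3600                      # fresh data-channel keys every hour (the default)
auth-nocache                        # do not keep credentials in memory after use
```

The two blocks differ in exactly the places the page’s “Encryption”, “Known vulnerabilities” and “Firewall ports” notes talk about: the cipher (a 64-bit block cipher versus an AEAD), control-channel protection (none versus tls-crypt), server authentication (none versus remote-cert-tls plus a name check), forward secrecy (no re-keying versus ECDHE with hourly re-keys) and the TCP 443 fallback. Running `openvpn --show-ciphers` and `openvpn --show-tls` on a given build lists what that build actually supports.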

WireGuard®

WireGuard is an open-source VPN protocol that is secure, fast, and efficient.

Encryption: WireGuard uses a fixed set of modern primitives rather than a negotiated cipher suite: ChaCha20-Poly1305 (RFC 8439, formerly RFC 7539) as an authenticated cipher for the data, Curve25519 for the Diffie–Hellman key agreement in its Noise-based handshake (peers are authenticated by their static Curve25519 public keys), BLAKE2s (RFC 7693) for hashing and key derivation, and SipHash for hashtable keys. Each handshake includes a fresh ephemeral Curve25519 key on both sides and is repeated every two minutes, so Perfect Forward Secrecy is automatic.

Speed: ChaCha20-Poly1305 is designed to be fast in software, so it performs well on phones, routers and older laptops that lack AES hardware instructions. On a modern desktop CPU with AES-NI, AES-GCM can be faster per byte, but WireGuard still comes out ahead in practice because its implementation is small, runs inside the Linux kernel (userspace implementations exist for other platforms), and negotiates nothing per packet. The result is high throughput and low CPU use.

Known vulnerabilities: None known. WireGuard’s handshake has been formally verified, with a symbolic proof in Tamarin and a computational proof in CryptoVerif, and its code base is a few thousand lines, compared with hundreds of thousands for OpenVPN plus OpenSSL, which makes it far easier to audit. Before its incorporation into the Linux kernel, the WireGuard Linux codebase was independently audited by a third party.

Firewall ports: WireGuard uses UDP and can be configured to use any port. It has no TCP mode, so on networks that block all UDP it must be wrapped in another transport by an external tool.

Stability: WireGuard is a very stable VPN protocol and handles roaming better than older protocols. A peer is identified by its public key, not its IP address, so when you move from WiFi to mobile data the server simply updates your endpoint to the source address of the next authenticated packet; the tunnel survives without a new handshake.

Conclusion: A state-of-the-art VPN protocol, WireGuard is fast, efficient, and secure. It is not as “battle-tested” as OpenVPN and does not offer OpenVPN’s TCP-based anti-censorship capabilities (see below), but for most people, most of the time, it is the VPN protocol we recommend using.
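To make the “peer is identified by its public key” point concrete, here is a WireGuard client configuration as an added example (not Proton’s configuration and not from the WireGuard project). Keys and the server address are placeholders generated with `wg genkey`, `wg pubkey` and `wg genpsk`; the addresses are assumptions for the example.

```ini
[Interface]
# Generated locally with `wg genkey`; it never leaves this device. The server only
# ever learns the matching public key (`wg pubkey < private.key`).
PrivateKey = REPLACE_WITH_CLIENT_PRIVATE_KEY_BASE64
Address = 10.2.0.2/32
DNS = 10.2.0.1
# No ListenPort on a client: the kernel picks an ephemeral UDP source port, and the
# server accepts whatever address/port the next authenticated packet arrives from.

[Peer]
PublicKey = REPLACE_WITH_SERVER_PUBLIC_KEY_BASE64
# Optional 256-bit symmetric key (`wg genpsk`) mixed into the handshake as an extra
# layer on top of Curve25519; both sides must have the same value.
PresharedKey = REPLACE_WITH_PRESHARED_KEY_BASE64
# Cryptokey routing: packets for these destinations are sent to this peer, AND
# decrypted packets from this peer are dropped unless their source is inside
# this range. 0.0.0.0/0 + ::/0 means "route everything through the VPN".
AllowedIPs = 0.0.0.0/0, ::/0
# Only the initial address. If the server's packets start arriving from elsewhere
# (or the client roams to a new network) the endpoint is updated automatically.
Endpoint = vpn.example.com:51820
# Send an empty authenticated packet every 25 s so the NAT mapping stays open and
# the server can still reach this client behind a home router.
PersistentKeepalive = 25
```

The security-relevant line is `AllowedIPs`: it is both the routing table and an access-control list, so a server-side peer entry with `AllowedIPs = 10.2.0.2/32` guarantees that packets decrypted under that client’s key cannot spoof any other source address, regardless of what the client sends.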

Learn more about WireGuard

OpenVPN vs. WireGuard

Other important terms

Going through the comparisons of the different VPN protocols, you may have encountered acronyms or technical terms that you were not familiar with. We explain some of the most important ones here.

TCP vs. UDP

The transmission control protocol (TCP) and user datagram protocol (UDP) are the two different ways that devices can communicate with each other over the internet. They both run on the Internet Protocol, which is responsible for sending data packets to and from IP addresses.

When you see that a tunneling protocol uses a TCP port or a UDP port, it means that it sets up a connection between your computer and the VPN server using one of these two protocols.

Whether a VPN protocol uses TCP, UDP, or both can significantly affect its performance. TCP focuses on delivering data reliably: it numbers segments, acknowledges them, retransmits anything lost, and hands the data to the application in order. UDP simply sends datagrams and leaves any reliability to the application.

TCP’s guarantees sound like a good feature, but they cost time, and inside a VPN tunnel they are usually redundant, because the traffic going through the tunnel is mostly TCP already and handles its own retransmission. Carrying TCP traffic through a TCP-based tunnel (TCP over TCP) can slow the connection badly in what is called a TCP meltdown.

For example, suppose one packet is lost on the path between you and the server. The TCP connection carrying the tunnel retransmits it, but the connection inside the tunnel, which sees only that its data is late, times out and retransmits as well. Both back off their timers independently, and the inner connection keeps feeding data into a tunnel that is itself stalled waiting for a retransmission. This can cause severe delays in the delivery of your data, which is why VPNs use UDP by default.

However, TCP is also good for defeating censorship. HTTPS runs over TCP port 443, so if you route your VPN connection over the same port, a filter that blocks by port cannot block it without blocking most of the web. The ability to run over TCP port 443 is one of the biggest advantages of OpenVPN, though it is a defence against port blocking rather than against deep packet inspection, which can still recognise the OpenVPN handshake.
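The “Firewall ports” notes for each protocol, and the point above that port 443 alone does not make OpenVPN look like HTTPS, come down to a few bytes at the start of each packet. The following classifier is an added example (not Proton’s code) that applies those facts to a handful of constructed packets: it uses only the transport protocol, the destination port and the first bytes of the payload, which is exactly what a blocking firewall or deep-packet-inspection box has to work with. The sample packets are built by hand from the RFC header layouts, not taken from a capture.

```python
"""Classify VPN packets from transport protocol, destination port and leading payload bytes.

Added example, not Proton's code.  SAMPLES below are constructed by hand for the example.
"""
import struct
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    proto: str      # "tcp", "udp", "esp" (IP protocol 50) or "gre" (IP protocol 47)
    dport: int      # destination port; 0 for ESP and GRE, which have no ports
    payload: bytes  # first bytes of the transport payload


# IKEv2 exchange types, RFC 7296 section 3.1
IKE_EXCHANGES = {34: "IKE_SA_INIT", 35: "IKE_AUTH", 36: "CREATE_CHILD_SA", 37: "INFORMATIONAL"}
# WireGuard message type (first byte), always followed by three reserved zero bytes
WG_TYPES = {1: "handshake initiation", 2: "handshake response", 3: "cookie reply", 4: "transport data"}
# OpenVPN opcodes sit in the top five bits of the first byte (the low three bits are the key id)
OVPN_HARD_RESET = {7, 8}  # P_CONTROL_HARD_RESET_CLIENT_V2, P_CONTROL_HARD_RESET_SERVER_V2


def ike_exchange(buf: bytes):
    """Return the exchange name if buf starts with a plausible IKEv2 header, else None."""
    # SPIi(8) SPIr(8) next payload(1) version(1) exchange type(1) flags(1) message id(4) length(4)
    if len(buf) < 28:
        return None
    version, exchange = buf[17], buf[18]
    length = struct.unpack("!I", buf[24:28])[0]
    if version != 0x20 or exchange not in IKE_EXCHANGES or length < 28:  # major 2, minor 0
        return None
    return IKE_EXCHANGES[exchange]


def is_tls_client_hello(buf: bytes) -> bool:
    # TLS record: content type 0x16 (handshake), version 0x03 0x0X, then handshake type 1
    return len(buf) >= 6 and buf[0] == 0x16 and buf[1] == 0x03 and buf[5] == 0x01


def classify(pkt: Packet) -> str:
    p = pkt.payload
    if pkt.proto == "gre":
        # PPTP data channel: GRE carrying PPP, GRE protocol type 0x880B (RFC 2637)
        return "PPTP data channel (GRE/PPP)" if p[2:4] == b"\x88\x0b" else "GRE (not PPTP)"
    if pkt.proto == "esp":
        return "IPsec ESP (IP protocol 50): IKEv2/IPsec or L2TP/IPsec without NAT"
    if pkt.proto == "tcp":
        if pkt.dport == 1723:
            return "PPTP control channel"
        # OpenVPN over TCP prefixes every packet with a 2-byte length; the opcode byte follows
        if len(p) >= 3 and (p[2] >> 3) in OVPN_HARD_RESET:
            return "OpenVPN/TCP handshake"
        if is_tls_client_hello(p):
            return "TLS ClientHello (ordinary HTTPS on port 443)"
        return "unknown TCP"
    # UDP from here on
    if pkt.dport == 500 and ike_exchange(p):
        return "IKEv2 " + ike_exchange(p)
    if pkt.dport == 4500:
        # NAT-T: four zero bytes (non-ESP marker) then IKE; otherwise ESP-in-UDP, whose SPI is never zero
        if p[:4] == b"\x00\x00\x00\x00" and ike_exchange(p[4:]):
            return "IKEv2 " + ike_exchange(p[4:]) + " (NAT-T)"
        return "IPsec ESP in UDP 4500 (NAT-T)"
    if pkt.dport == 1701 and len(p) >= 2 and (p[1] & 0x0F) == 2:
        # L2TP header version field == 2; only visible in the clear when the IPsec layer is missing
        return "L2TP without IPsec (plaintext PPP)"
    if len(p) >= 4 and p[0] in WG_TYPES and p[1:4] == b"\x00\x00\x00":
        return "WireGuard " + WG_TYPES[p[0]]  # any port: WireGuard has no fixed one
    if p and (p[0] >> 3) in OVPN_HARD_RESET:
        return "OpenVPN/UDP handshake"
    return "unknown UDP"


def ike_header(exchange: int) -> bytes:
    """Minimal 28-byte IKEv2 header (constructed for the example): SPIi, zero SPIr, SA payload next."""
    return struct.pack("!8s8sBBBBII", b"\x11" * 8, bytes(8), 33, 0x20, exchange, 0x08, 0, 28)


# Constructed sample packets: byte layouts follow the RFCs, but these are not real captures.
SAMPLES = {
    "wireguard_init": Packet("udp", 51820, b"\x01\x00\x00\x00" + bytes(144)),
    "ike_sa_init": Packet("udp", 500, ike_header(34)),
    "ike_auth_natt": Packet("udp", 4500, bytes(4) + ike_header(35)),
    "esp_natt": Packet("udp", 4500, b"\xc0\x01\x23\x45" + b"\x00\x00\x00\x01" + bytes(64)),
    "esp_raw": Packet("esp", 0, b"\xc0\x01\x23\x45" + b"\x00\x00\x00\x01" + bytes(64)),
    "openvpn_tcp443": Packet("tcp", 443, b"\x00\x0e" + b"\x38" + b"\x5a" * 8 + bytes(5)),
    "https_443": Packet("tcp", 443, b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03"),
    "l2tp_plain": Packet("udp", 1701, b"\xc8\x02\x00\x0c" + bytes(8)),
    "pptp_gre": Packet("gre", 0, b"\x30\x01\x88\x0b\x00\x10\x00\x00"),
}


def classify_all() -> dict:
    return {name: classify(pkt) for name, pkt in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in classify_all().items():
        print(f"{name:16s} -> {verdict}")
```

Two things fall out of running it. First, `openvpn_tcp443` and `https_443` share a port but are told apart by their third byte versus first byte, which is why port 443 defeats port-based blocking and nothing more. Second, `l2tp_plain` should never appear on a real network: if a sensor sees L2TP on UDP 1701 outside ESP, the IPSec layer has failed or was never configured.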

Learn more about TCP and UDP

Perfect Forward Secrecy

Perfect Forward Secrecy (PFS) is a critical security property of encrypted communication, and it is about how a protocol generates its encryption keys. A VPN with PFS derives each session’s keys from an ephemeral Diffie–Hellman (or elliptic-curve Diffie–Hellman) exchange whose private values are generated fresh for that session and discarded afterwards. The server’s long-term key (the private key behind its certificate, or a static Curve25519 key in WireGuard) is used only to authenticate the exchange, never to derive the session keys.

This means that even if an attacker somehow obtains one session’s keys, they can only read that session; every other session is protected by different keys. More importantly, an attacker who records your encrypted traffic today and steals the VPN server’s private key next year still cannot decrypt the recording, because the secret they would need was never stored anywhere. Good implementations also re-key inside a long-running session (OpenVPN renegotiates every hour by default, WireGuard every two minutes), so a compromise of the current key exposes at most that window of traffic.
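The following added example (not Proton’s code; Python standard library only) makes the “stolen server key” scenario concrete. It runs the same 2048-bit Diffie–Hellman group that IKEv2 deployments commonly negotiate (RFC 3526 group 14) in two ways: once with the server reusing a long-term DH key for every session, and once with a fresh ephemeral key per session. An attacker who recorded the handshakes and later obtains the server’s long-term key recovers the first session key and not the second. Two simplifications are assumptions of the example: real protocols sign the ephemeral share rather than MAC it, and real session keys are derived with a standardised KDF rather than the HKDF-style two-step shown here.

```python
"""Static versus ephemeral Diffie-Hellman: why PFS survives a later key compromise.

Added example, not Proton's code.  Standard library only; the group is RFC 3526 group 14.
"""
import hashlib
import hmac
import secrets

MODP_2048_HEX = """
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D C2007CB8 A163BF05
98DA4836 1C55D39A 69163FA8 FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB
9ED52907 7096966D 670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 DE2BCBF6 95581718
3995497C EA956AE5 15D22618 98FA0510 15728E5A 8AACAA68 FFFFFFFF FFFFFFFF
"""
P = int("".join(MODP_2048_HEX.split()), 16)
G = 2
P_BYTES = 256  # 2048 bits


def dh_keypair():
    """Private exponent of 256 bits (enough for this group per RFC 3526) and its public share."""
    priv = secrets.randbits(256) | (1 << 255)
    return priv, pow(G, priv, P)


def session_key(shared: int, transcript: bytes) -> bytes:
    """HKDF-style extract-then-expand, binding the key to the handshake transcript (simplified)."""
    prk = hmac.new(b"vpn-example-salt", shared.to_bytes(P_BYTES, "big"), hashlib.sha256).digest()
    return hmac.new(prk, transcript + b"\x01", hashlib.sha256).digest()


def handshake_static(server_priv: int, server_pub: int):
    """No PFS: the server's long-term DH key *is* its share in every session."""
    client_priv, client_pub = dh_keypair()
    transcript = client_pub.to_bytes(P_BYTES, "big") + server_pub.to_bytes(P_BYTES, "big")
    client_key = session_key(pow(server_pub, client_priv, P), transcript)
    server_key = session_key(pow(client_pub, server_priv, P), transcript)
    assert client_key == server_key
    return transcript, client_key


def handshake_pfs(server_priv: int, server_pub: int):
    """PFS: fresh ephemeral share per session; the long-term key only authenticates it."""
    client_priv, client_pub = dh_keypair()
    eph_priv, eph_pub = dh_keypair()
    # Stand-in for a signature (assumption of the example): MAC the ephemeral share under the
    # long-term key so the client can tell it came from the real server.
    auth_tag = hmac.new(server_priv.to_bytes(32, "big"), eph_pub.to_bytes(P_BYTES, "big"),
                        hashlib.sha256).digest()
    transcript = client_pub.to_bytes(P_BYTES, "big") + eph_pub.to_bytes(P_BYTES, "big") + auth_tag
    client_key = session_key(pow(eph_pub, client_priv, P), transcript)
    server_key = session_key(pow(client_pub, eph_priv, P), transcript)
    assert client_key == server_key
    del eph_priv  # the only secret that could reproduce the key is thrown away
    return transcript, client_key


def attacker_with_stolen_server_key(transcript: bytes, server_priv: int) -> bytes:
    """Recorded the handshake earlier, obtained the server's long-term key later."""
    client_pub = int.from_bytes(transcript[:P_BYTES], "big")
    return session_key(pow(client_pub, server_priv, P), transcript)


def demo() -> dict:
    server_priv, server_pub = dh_keypair()
    t_static, k_static = handshake_static(server_priv, server_pub)
    t_pfs, k_pfs = handshake_pfs(server_priv, server_pub)
    _, k_pfs_again = handshake_pfs(server_priv, server_pub)
    return {
        "static_recovered": attacker_with_stolen_server_key(t_static, server_priv) == k_static,
        "pfs_recovered": attacker_with_stolen_server_key(t_pfs, server_priv) == k_pfs,
        "pfs_sessions_differ": k_pfs != k_pfs_again,
    }


if __name__ == "__main__":
    print(demo())  # static_recovered True, pfs_recovered False, pfs_sessions_differ True
```

The attacker does the best thing possible with what they hold: raise the client’s recorded public share to the server’s long-term exponent. In the static case that is precisely the shared secret; in the PFS case the shared secret depends on an exponent that existed only for the duration of one handshake. The group size matters too: with a 1024-bit group the attacker would not need the server key at all, which is the Logjam result mentioned under L2TP/IPSec above.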

Protocols used by Proton VPN apps

We started Proton VPN to ensure activists, dissidents, and journalists have secure and private access to the internet. To keep the Proton community safe, we only use trusted and vetted VPN protocols. The following list shows which VPN protocols are supported in our different apps:

  • Windows: OpenVPN and WireGuard
  • macOS: OpenVPN, WireGuard, and IKEv2
  • Android: OpenVPN, WireGuard, and IKEv2
  • iOS/iPadOS: OpenVPN, WireGuard, and IKEv2
  • Linux: OpenVPN

Our Windows, macOS, Android, and iOS/iPadOS apps support Smart Protocol, an anti-censorship feature that probes the network to find the VPN protocol and port configuration that performs best or gets past blocking.

For example, it can automatically switch from IKEv2 to OpenVPN, or OpenVPN UDP to OpenVPN TCP, using different ports as required.

Learn more about Smart Protocol

All of our apps use the strongest security settings supported by the VPN protocol. OpenVPN, WireGuard, and IKEv2/IPSec are the only protocols that the vast majority of IT security experts agree are secure.

We refuse to offer any VPN connections using PPTP or L2TP/IPSec (even though they are cheaper to run and easier to configure) because their security does not meet our standards.

When you sign in to Proton VPN, you can be confident that your VPN connection is using the latest and strongest tunneling protocols.

Best regards,
The Proton VPN Team


Prior to joining Proton, Richie spent several years working on tech solutions in the developing world. He joined the Proton team to advance the rights of online privacy and freedom.

16 comments

  1. “Miss Scarlett”

    Can you just skip right to developing a personal “bubble” to shield from all the monsters out there in this scary world? Technologically Advanced of Course so there would be no real need to leave your own personal space!! I wouldn’t mind being in THAT kinda bubble at all!!
    Thank you isn’t enough gratitude; I don’t have much more than that for now, but know that you are valued and much appreciated… thank you!!
    I’ll have to keep quiet (it’ll be difficult) about how wonderful your services are; otherwise you may not get all the projects you’re working on actually launched!! I’ll scream your names from the rooftops soon enough tho’!!

  2. Sayeed Parvez

    Thanks! Richie Koch
    The perfect guide to choosing a VPN protocol. That’s the exact guide I was looking for.

  3. Blake Van

    I was reading an article you wrote on MTU, IKEv2, ESP, TTL, IPsec, NAT, UDP, TCP, etc. before coming to Proton’s VPN site for more information and, to my surprise, you’re at Proton! Your information is very easy to understand and valuable. I’ve been a Proton VPN – Mail Plus member since May of last year and a strong advocate of Proton’s privacy mission. Thank You 😊

  4. Richie Koch

    Hi Blake,
    Glad you found the blog post helpful!

  5. Danilo

    Hi,
    I would like to use VPN service also from my QNAP NAS, is it possible with the subscription plan?
    Thanks
    Danilo

  6. Richie Koch

    Hi Danilo,
    We have not quite got ProtonVPN calibrated for QNAP NAS yet, but we are working on it.
    Cheers

  7. stebato

    Thanks a lot for using easy to understand language!

  8. HAL

    A very informative article, thanks. But when will you implement WireGuard ? Others have already done so like NordVPN and their NordLynx : https://nordvpn.com/blog/major-upgrade-nordlynx/ https://nordvpn.com/fr/blog/nordlynx-protocol-wireguard/
    So it seems that this is possible even if WireGuard … :)

  9. M. Nichols

    Hello,

    Nice article. Is there a way to manually configure a Windows machine to use IKEv2/IPSec over the Proton servers?

    Regards,

    M. Nichols

  10. Roxana Zega

    Hello,

    This support article should guide you through all the installation steps. If you have any questions, please get in touch with our customer support team.

    Thanks

  11. Enemy of the [Surveillance] State

    Thank you for the work you do to protect privacy. I recently covered VPNs on my podcast and recommended ProtonVPN. Keep up the great work, guys.

  12. Joe

    Does ProtonVPN support Archer Ax1000 from TP-LINK that has a feature: built in VPN client including PPTP/L2TP?

  13. Abhishek

    A very nice, informative, simple and concise article.

  14. john

    Just updated from 1.453 to 2.0 on Android, but my Win7 tablet won’t update from v1.11 to 1.12, saying an MS KB update isn’t installed correctly. Extremely irritating as I run the VPN 24/7. I paid for this, so it would sure be nice if the updates actually worked.

  15. Marko Brose

    When I’m connected with ProtonVPN I know that ProtonVPN has got my back and I feel safe and secure.

    Regards
    Marko

  16. Richie Koch

    Thanks Marko!
